First weigh the considerations, then take the risks.
—Helmuth von Moltke (1800–1891)
The German military strategist Helmuth von Moltke advised that risks should be assessed before they are taken. This chapter discusses how risk assessment and risk quantification can best be achieved in a commercial or governmental enterprise.
Most companies have completed surveys of the risks they face, and have adopted systems to control some of the risks they have found. The depth of this analysis has varied from one company to another, depending on local factors. Not least among these factors would be the assessment by the management team and board members of the benefits that may be obtained from the risk-management approach.
However, many regulators, stock exchanges, and professional bodies have encouraged companies to improve the quality of their risk measurement, and have issued guidance, so there is considerable institutional conformance pressure (e.g., COSO 2004, Australia Standards 2004).
Some insight can be gained from the COSO definition of enterprise risk management, which reads:
Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, ...